Daily NCSC-FI news followup 2020-08-29

Emotet malware’s new ‘Red Dawn’ attachment is just as dangerous

www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/ The Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever. After a five-month “vacation,” the Emotet malware returned in July 2020 and began to spew massive amounts of malicious spam worldwide. These spam campaigns pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents, or scanned documents. When opened, these attachments will prompt a user to ‘Enable Content’ so that malicious macros will run to install the Emotet malware on a victim’s computer. Emotet is considered the most widely spread malware targeting users today. It is also particularly harmful as it will install other dangerous malware such as Trickbot and QBot onto a victim’s computer. Due to this, it is vital to recognize the malicious document templates used by Emotet so that you do not accidentally become infected.

Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages

www.proofpoint.com/us/blog/threat-insight/threat-actor-profile-ta2719-uses-colorful-lures-deliver-rats-local-languages In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access trojans (RATs). Dubbed TA2719 by Proofpoint, the actor uses localized lures with colorful images that impersonate local banks, law enforcement, and shipping services. To date, Proofpoint has observed this actor send low volume campaigns to recipients in Austria, Chile, Greece, Hungary, Italy, North Macedonia, Netherlands, Spain, Sweden, Taiwan, United States, and Uruguay.

Viral pro-Trump tweets came from fake African American spam accounts, Twitter says

www.nbcnews.com/tech/security/viral-pro-trump-tweets-came-fake-african-american-spam-accounts-n1238553 Twitter has taken action to stop a spam operation that pushed messages from fake accounts about Black people abandoning the Democratic Party. Disinformation experts and national security agencies are gearing up for the election, anticipating that social media platforms will continue to be central to foreign and domestic efforts to mislead voters.

5G Mobile Network Security: U.S. Government’s Strategy

www.msspalert.com/cybersecurity-news/5g-doh-strategy/ The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

‘Instagram Help Center’ Phishing Scam Pilfers Credentials

threatpost.com/instagram-help-center-phishing-scam-pilfers-credentials/158777/ Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Researchers said that the campaign has been targeting hundreds of celebrities, startup business owners, and other entities with sizeable followings on Instagram.

How to securely erase your computer's data before selling it: 4 options

www.tivi.fi/uutiset/tv/1361f684-1d3f-4d93-ac2f-0fcce2c32a13 What should you do when you need to get rid of an old computer securely? Since IT equipment should be recycled, the next step is either selling the machine second-hand or taking it to an e-waste (SER) collection point. In both cases, all data on the machine should be erased first.

Security risks, data collection on users… 10 topical questions about the Koronavilkku app

www.is.fi/digitoday/art-2000006617973.html The purpose of the app is to help break chains of infection and to improve people's ability to look after their health. The app relies on entirely voluntary use, but the more people use it, the more effective it is.

New Zealand bourse resumes trade after cyber attacks, government activates security systems

www.reuters.com/article/uk-nzx-cyber/new-zealand-bourse-resumes-trade-after-cyber-attacks-government-activates-security-systems-idUSKBN25O03Q New Zealand’s stock exchange resumed trading on Friday, after facing disruptions for four consecutive days in the wake of cyber attacks this week, while the government said national security systems had been activated to support the bourse. Finance Minister Grant Robertson said the Government Communications Security Bureau and the national agency fighting cyber crime had been called in to help the bourse. “I can’t go into much more in terms of specific details other than to say that we as a government are treating this very seriously,” Robertson said in a media briefing in Wellington. There is no clarity on who was behind these two “offshore” attacks, but the failure to stop them has raised questions about New Zealand’s security systems, experts said.
